Claims 



1. A process for configuring, across the Internet, a digital certificate
for a network device, the process comprising:

building a secret data encryption key into a network device when the
network device is manufactured;

maintaining the secret key and a corresponding unique identifier of the
network device in a database server accessible over the Internet;

sending, across the Internet, from the network device to the database
server, a two-part message wherein the first part contains the unique identifier,
the IP address of the network device and a request for a digital certificate, and
wherein the first part is encrypted using the built-in secret key, and wherein
the second part of the message has at least some of the same information as the
first part of the message, including the unique identifier, but is not encrypted;

determining, by the database server, the secret key from the database
using the unique identifier received in the second part of the message;

decrypting, using the secret key from the database, the first part of the
message;

comparing the information in the decrypted first part of the message with
the information in the second part of the message;

2. A process for configuring a digital certificate for a network device
in a network environment, the process comprising:

embodying a secret key into the device;

storing, by an entity responsible for embodying the secret key, the secret
key and a unique identification number of the device in a secure database
accessible by the entity and a certificate authority;

receiving, by a certificate authority, a two-part message from the network
device requesting a digital certificate wherein the first part of the message
includes the unique identification number and the second part of the message is
an encryption of the first part of the message encrypted with the secret key;

determining, by the certificate authority, the secret key from the
database using the unique identification number;

decrypting, using the secret key from the database, the second part of the
message;

comparing the decrypted message with the first part of the message; and

sending a digital certificate to the network device if the two parts match.



3. The process of claim 2 wherein the network device is a fax
machine.

4. The process of claim 2 wherein the network device is a printer.

5. The process of claim 2 wherein the network device is a modem.

6. The process of claim 2 wherein the entity embodying the secret key
and the certificate authority are a same entity.

7. The process of claim 2 wherein the entity embodying the secret key
is a manufacturer of the network device, and wherein the secret key is
embodied in the device when the device is manufactured.

8. A network device having a unique identification number, the
network device comprising:

a secret key embodied in said network device when the network device is
manufactured;

means for generating a two-part message requesting, from a digital
authority, a digital certificate wherein the first part of the message includes the
unique identification number and the second part of the message is an
encryption of the first part of the message using the secret key; and

means for receiving a digital certificate.

9. The network device of claim 8 wherein the network device is a
printer.

10. The network device of claim 8 wherein the network device is a fax
machine.

11. The network device of claim 8 wherein the network device is a
modem.

12. A computer system having a database, the computer system
comprising:

means for receiving a secret key and a corresponding unique
identification number of a network device from an entity responsible for
embodying the secret key into the network device;

means for storing the secret key and the corresponding unique
identification number in the database;

means for receiving a two-part message from the network device
requesting a digital certificate wherein a first part of the message includes the
unique identification number and the second part of the message is an
encryption of the first part of the message encrypted by the network device
using the embodied secret key;

means for accessing the database to find the secret key associated with
the unique identification number from the first part of the message;

means for decrypting the second part of the message using the secret key
from the database;

means for comparing the decrypted second part of the message with the
first part of the message; and

means for sending to the network device a digital certificate if the
decrypted part of the message matches the first part of the message.

13. A computer program, on a computer-usable medium, comprising:

means for enabling receipt of a secret key and a corresponding unique
identification number of a network device from an entity responsible for
embodying the secret key into the network device;

means for causing the secret key and the corresponding unique
identification number to be stored in a database;

means for enabling receipt of a two-part message from the network device
requesting a digital certificate wherein a first part of the message includes the
unique identification number and the second part of the message is an
encryption of the first part of the message encrypted by the network device
using the embodied secret key;

means for causing an access to the database to find the secret key
associated with the unique identification number from the first part of the
message;

means for causing a decryption of the second part of the message using
the secret key from the database;

means for comparing the decrypted second part of the message with the
first part of the message; and

means for causing a digital certificate to be sent to the network device if
the decrypted part of the message matches the first part of the message.

14. A method executed in a computer system having a database, the
method comprising:

receiving a secret key and a corresponding unique identification number
of a network device from an entity responsible for embodying the secret key into
the network device;

storing the secret key and the corresponding unique identification
number in the database;

receiving a two-part message from the network device requesting a
digital certificate wherein a first part of the message includes the unique
identification number and the second part of the message is an encryption of
the first part of the message encrypted by the network device using the
embodied secret key;

accessing the database to find the secret key associated with the unique
identification number from the first part of the message;

decrypting the second part of the message using the secret key from the
database;

comparing the decrypted second part of the message with the first part of
the message; and

sending to the network device a digital certificate if the decrypted part of
the message matches the first part of the message.
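The exchange recited in claims 2 and 12 to 14 (plaintext first part, second part being the first part encrypted with the built-in key), as an added Python sketch that is not part of the patent text. The JSON encoding, the `KEY_DB` contents, the function names, the per-message nonce and the HMAC-based stand-in cipher are all assumptions, since the claims name no message format or cipher.

```python
import hashlib
import hmac
import json
import os

# Constructed sample data: stands in for the database that maps a device's
# unique identification number to the secret key embodied at manufacture.
KEY_DB = {"DEV-0001": bytes.fromhex("00112233445566778899aabbccddeeff")}


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode); the claims name none."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def device_request(device_id: str, ip: str, key: bytes) -> dict:
    """Device side: plaintext part, plus that same part encrypted with the key."""
    part1 = json.dumps({"id": device_id, "ip": ip, "req": "certificate"},
                       sort_keys=True).encode()
    nonce = os.urandom(16)  # assumption: random nonce prepended to the ciphertext
    return {"part1": part1, "part2": nonce + _keystream_xor(key, nonce, part1)}


def ca_verify(msg: dict) -> bool:
    """CA side: look up the key by the plaintext identifier, decrypt, compare.

    A certificate would be sent to the device only when this returns True.
    """
    try:
        device_id = json.loads(msg["part1"])["id"]
    except (ValueError, KeyError, TypeError):
        return False                      # malformed first part
    if not isinstance(device_id, str):
        return False
    key = KEY_DB.get(device_id)
    if key is None:                       # unknown identifier: no key on record
        return False
    nonce, body = msg["part2"][:16], msg["part2"][16:]
    decrypted = _keystream_xor(key, nonce, body)
    # Constant-time comparison of the decrypted part with the plaintext part.
    return hmac.compare_digest(decrypted, msg["part1"])
```

As in the claims, the request carries no freshness value that the certificate authority checks, so the sketch accepts a repeated copy of a valid request.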



